# ─── DOKS Cluster ─────────────────────────────────────────────────────────────

resource "digitalocean_kubernetes_cluster" "main" {
  name    = "lunarfront"
  region  = var.region
  version = var.k8s_version
  tags    = ["lunarfront", "k8s"]

  # NOTE(review): neither auto_upgrade nor maintenance_policy is set in this
  # block, so as far as this file shows, Kubernetes patch releases land only
  # when var.k8s_version is bumped. Confirm that someone owns that bump.

  # The provider requires an inline node_pool, but this pool is managed
  # externally. Terraform must not recreate it.
  node_pool {
    name       = "workers"
    size       = "s-2vcpu-4gb"
    node_count = 0
  }

  # Because node_pool is ignored, out-of-band changes to the "workers" pool
  # (size, count, labels) never appear in `terraform plan`. Review them
  # wherever that pool is actually managed.
  lifecycle {
    ignore_changes = [node_pool]
  }
}

# System pool: fixed at two nodes, labelled role=system.
# NOTE(review): only a label is set here, no taint block. A label alone does
# not keep customer pods off these nodes; that depends on the nodeSelector or
# affinity rules of the workloads. Confirm the intended isolation.
resource "digitalocean_kubernetes_node_pool" "system" {
  cluster_id = digitalocean_kubernetes_cluster.main.id
  name       = "system"
  size       = var.k8s_system_node_size
  node_count = 2

  labels = {
    role = "system"
  }
}

# Customer pool: auto-scales for customer app instances, from zero nodes up
# to the ceiling in var.k8s_max_customer_nodes.
resource "digitalocean_kubernetes_node_pool" "customers" {
  cluster_id = digitalocean_kubernetes_cluster.main.id
  name       = "customers"
  size       = var.k8s_customer_node_size

  auto_scale = true
  min_nodes  = 0
  max_nodes  = var.k8s_max_customer_nodes

  labels = {
    role = "customer"
  }
}

# ─── DNS — wildcard for customer subdomains → cluster load balancer ───────────
# This record needs the nginx ingress load balancer IP, which is only known
# once the cluster is up. Set cluster_lb_ip in terraform.tfvars, then re-run
# terraform apply.
# NOTE(review): the earlier comment said to uncomment this block at that
# point, but the resource is active as written. Confirm var.cluster_lb_ip
# holds a valid address before the first apply.
#
# proxied = true routes traffic through Cloudflare, and ttl = 1 is
# Cloudflare's "automatic" TTL. Proxying keeps the origin IP out of DNS
# answers but does not by itself stop direct connections to the load
# balancer.
# NOTE(review): confirm the load balancer or ingress accepts traffic only
# from Cloudflare, and that hostnames matching no customer app reach a
# default backend rather than a tenant.
resource "cloudflare_record" "apps_wildcard" {
  zone_id = data.cloudflare_zone.main.id
  type    = "A"
  name    = "*"
  content = var.cluster_lb_ip
  proxied = true
  ttl     = 1
}